[dns-operations] Reporting glue as authoritive data -- Bug!
Paul Vixie
paul at vix.com
Thu Jan 31 13:41:01 UTC 2008
"hybrid answer" is a term i'm choking on since i think these answers are
obviously and indefensibly wrong. one of the many evils they let loose
is for someone to set up a nameserver www.childporn.com, refer to it from
one or more other domains, and get free dns service from the .COM servers
for their illicit activities, using a domain name which can't be tracked
or tapped by law enforcement, and which can't be shut off due to ICANN's
policies. if no "hybrid" answers were forthcoming, then this trick would
not work. note that the implications from dnssec on clarifying who owns
what and who can answer for what are more compelling in my opinion, but,
there is also some evil that's let loose by answering queries for NS RRs
and A RRs that should properly be referred instead.
More information about the dns-operations
mailing list